[PATCH v3] p54: connect to 11w protected networks

[PATCH v3] p54: connect to 11w protected networks

[Christian Lamparter]

Previously, it was not possible to connect
to networks which requires 11w to be supported
by the stations.

Note:

As all current (and old) firmwares corrupt
incoming, protected management frames, the
decryption offloading needs to be disabled.

This can be done by loading the p54common
module with the nohwcrypt=1 parameter.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
---
v2->v3:
	- fixed modparam_nohwcrypt typo
	(Yes, v2 never compiled :( )

Regards,
	Christian
---
 drivers/net/wireless/p54/main.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/net/wireless/p54/main.c b/drivers/net/wireless/p54/main.c
index 5e91ad0..8ab5aef 100644
--- a/drivers/net/wireless/p54/main.c
+++ b/drivers/net/wireless/p54/main.c
@@ -739,6 +739,17 @@ struct ieee80211_hw *p54_init_common(size_t priv_data_len)
 		     IEEE80211_HW_PS_NULLFUNC_STACK |
 		     IEEE80211_HW_REPORTS_TX_ACK_STATUS;
 
+	if (modparam_nohwcrypt) {
+		/*
+		 * Only support MFP, if the hardware crypto engine
+		 * is disabled, as the firmware's rx-path corrupts
+		 * incoming CCMP encrypted RX mgmt frames.
+		 * However, if no rx key is uploaded, the firmware
+		 * passes the unencrypted frame to the driver. 
+		 */
+		dev->flags |= IEEE80211_HW_MFP_CAPABLE;
+	}
+
 	dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
 				      BIT(NL80211_IFTYPE_ADHOC) |
 				      BIT(NL80211_IFTYPE_AP) |
-- 
1.7.10.4

Re: [PATCH v3] p54: connect to 11w protected networks

[Dan Williams]

On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
> Previously, it was not possible to connect
> to networks which requires 11w to be supported
> by the stations.

If at all possible if we can do this without module parameters, that
would be great.  Otherwise how is userspace supposed to connect to a
W-capable network without twiddling driver-specific module options,
something we've tried really hard to not do?  Module options really
aren't any different than private ioctls or IWPRIV commands...

Dan

> Note:
> 
> As all current (and old) firmwares corrupt
> incoming, protected management frames, the
> decryption offloading needs to be disabled.
> 
> This can be done by loading the p54common
> module with the nohwcrypt=1 parameter.
> 
> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
> ---
> v2->v3:
> 	- fixed modparam_nohwcrypt typo
> 	(Yes, v2 never compiled :( )
> 
> Regards,
> 	Christian
> ---
>  drivers/net/wireless/p54/main.c |   11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/drivers/net/wireless/p54/main.c b/drivers/net/wireless/p54/main.c
> index 5e91ad0..8ab5aef 100644
> --- a/drivers/net/wireless/p54/main.c
> +++ b/drivers/net/wireless/p54/main.c
> @@ -739,6 +739,17 @@ struct ieee80211_hw *p54_init_common(size_t priv_data_len)
>  		     IEEE80211_HW_PS_NULLFUNC_STACK |
>  		     IEEE80211_HW_REPORTS_TX_ACK_STATUS;
>  
> +	if (modparam_nohwcrypt) {
> +		/*
> +		 * Only support MFP, if the hardware crypto engine
> +		 * is disabled, as the firmware's rx-path corrupts
> +		 * incoming CCMP encrypted RX mgmt frames.
> +		 * However, if no rx key is uploaded, the firmware
> +		 * passes the unencrypted frame to the driver. 
> +		 */
> +		dev->flags |= IEEE80211_HW_MFP_CAPABLE;
> +	}
> +
>  	dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
>  				      BIT(NL80211_IFTYPE_ADHOC) |
>  				      BIT(NL80211_IFTYPE_AP) |

Re: [PATCH v3] p54: connect to 11w protected networks

[Christian Lamparter]

On Friday 07 September 2012 18:51:04 Dan Williams wrote:
> On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
> > Previously, it was not possible to connect
> > to networks which requires 11w to be supported
> > by the stations.
> 
> If at all possible if we can do this without module parameters, that
> would be great.
Hm, just a odd question. How does 11w work with
TDLS and networks with mandatory 11w. So what
happens if a station with 11w wants to connect
to a station without over TDLS? So, do we need
to have a MFP flag at a per-station level, or
is it enough if we have it per-vif?

Regards,
	Chr

Re: [PATCH v3] p54: connect to 11w protected networks

[Kalle Valo]

Dan Williams <dcbw@redhat.com> writes:

> On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
>> Previously, it was not possible to connect
>> to networks which requires 11w to be supported
>> by the stations.
>
> If at all possible if we can do this without module parameters, that
> would be great.  Otherwise how is userspace supposed to connect to a
> W-capable network without twiddling driver-specific module options,
> something we've tried really hard to not do?  Module options really
> aren't any different than private ioctls or IWPRIV commands...

Sure, and that's how it works with properly supported hardware. But p54
is so old that the user will need to buy newer hardware if he really
needs 11w support out-of-box. IMHO there's no point of making a huge
effort to add 11w support to older hardware, there are more important
things to fix in Linux wireless stack than that.

-- 
Kalle Valo

Re: [PATCH v3] p54: connect to 11w protected networks

[Christian Lamparter]

On Monday 10 September 2012 14:28:00 Kalle Valo wrote:
> Dan Williams <dcbw@redhat.com> writes:
> 
> > On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
> >> Previously, it was not possible to connect
> >> to networks which requires 11w to be supported
> >> by the stations.
> >
> > If at all possible if we can do this without module parameters, that
> > would be great.  Otherwise how is userspace supposed to connect to a
> > W-capable network without twiddling driver-specific module options,
> > something we've tried really hard to not do?  Module options really
> > aren't any different than private ioctls or IWPRIV commands...
> 
> Sure, and that's how it works with properly supported hardware. But p54
> is so old that the user will need to buy newer hardware if he really
> needs 11w support out-of-box. IMHO there's no point of making a huge
> effort to add 11w support to older hardware, there are more important
> things to fix in Linux wireless stack than that.

Dan's concern has been addressed by v4 of this patch
(which depends on johannes' "add mgmt key flags" patch).
p54 should now provide basic support for 11w protected
networks w/o messing with any module parameters.

Regards,
	Chr 

Re: [PATCH v3] p54: connect to 11w protected networks

[Dan Williams]

On Mon, 2012-09-10 at 17:59 +0200, Christian Lamparter wrote:
> On Monday 10 September 2012 14:28:00 Kalle Valo wrote:
> > Dan Williams <dcbw@redhat.com> writes:
> > 
> > > On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
> > >> Previously, it was not possible to connect
> > >> to networks which requires 11w to be supported
> > >> by the stations.
> > >
> > > If at all possible if we can do this without module parameters, that
> > > would be great.  Otherwise how is userspace supposed to connect to a
> > > W-capable network without twiddling driver-specific module options,
> > > something we've tried really hard to not do?  Module options really
> > > aren't any different than private ioctls or IWPRIV commands...
> > 
> > Sure, and that's how it works with properly supported hardware. But p54
> > is so old that the user will need to buy newer hardware if he really
> > needs 11w support out-of-box. IMHO there's no point of making a huge
> > effort to add 11w support to older hardware, there are more important
> > things to fix in Linux wireless stack than that.
> 
> Dan's concern has been addressed by v4 of this patch
> (which depends on johannes' "add mgmt key flags" patch).
> p54 should now provide basic support for 11w protected
> networks w/o messing with any module parameters.

Great, thanks!

Dan